HPE Community
Operating System - HP-UX
1848605 Members
6427 Online
104033 Solutions
New Discussion

User Account lockout policy

 
Robert Milne
Frequent Advisor

‎07-04-2006 04:02 PM

‎07-04-2006 04:02 PM

User Account lockout policy

Dear all,

How do you configure user account lockout policy (eg. lock out users after 5 repeated attempts if they supply the wrong login credentials) on HP-UX 11.0 and 11i ? I have looked in SAM under User Modify, select Modify Password Options and then under restrictions you can do things like set password aging etc. but cannot see how to set login attempt failures. Is this possible ?

Regards,

Rob.
"For every pleasure there's a tax."
0 Kudos
Reply
4 REPLIES 4
RAC_1
Honored Contributor

‎07-04-2006 04:06 PM

‎07-04-2006 04:06 PM

Re: User Account lockout policy

You can set the options you want and many more if you convert your system to trusted mode. man tsconvert. Also make sure that you are up to date on patches-particularly security patches.

Once you convert to trusted mode, all passwords will expire. Do /usr/lbin/modprpw -V to avoid it.

man getprpw
man modprpw
man getprdef
man modprdef
There is no substitute to HARDWORK
0 Kudos
Reply
Robert Milne
Frequent Advisor

‎07-04-2006 04:22 PM

‎07-04-2006 04:22 PM

Re: User Account lockout policy

Hi RAC,

Thanks.
I did a man tsconvert on our 11.11 system but their was no manual for this. Would this have come with a particular security option or patch ?

Neither is their for getprdef and modprdef. Perhaps I am missing some installed module ?

All the best,

Rob.
"For every pleasure there's a tax."
0 Kudos
Reply
Prashanth.D.S
Honored Contributor

‎07-04-2006 04:51 PM

‎07-04-2006 04:51 PM

Re: User Account lockout policy

Hi Rob,

You can get more information on trusted system enabling on the below mentioned link.. will try to find some more information on your query..

http://docs.hp.com/en/B2355-90121/ch01s04.html

Best Regards,
Prashanth
0 Kudos
Reply
RAC_1
Honored Contributor

‎07-04-2006 05:04 PM

‎07-04-2006 05:04 PM

Re: User Account lockout policy

There might not be a man page for tsconvert. You can use SAM or command line (/etc/tsconvert -c) to convert to trusted system. SAM should be preferred.
There is no substitute to HARDWORK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.